Name of act, date and #: April, 21 Decree on Personal Data Protection (PDPD) has finally been issued as Decree No. 13/2023/ND-CP
Effective on: 01 July 2023
Grace period: 2 years, applicable solely to small-and-medium sized enterprises
Mirroring the EU’s General Data Protection Regulation in different aspects, the PDPD introduces various new requirements:
-Extra-territorial scope, both local and offshore entities directly engaging in and/or related to personal data processing activities in Vietnam;
- Strict time limit for DSAR;
-Subjects – introduces the concept of “data controlling and processing entity”
-Non-exausted list of sensitive data -classifies personal data into two groups of “basic personal data” and “sensitive personal data”. In which, the list of sensitive personal data is very broad and non-exhaustive
Comments